Candidate: CVE-2015-9059
PublicDate: 2017-05-28 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9059
 https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
Description:
 picocom before 2.0 has a command injection vulnerability in the 'send and
 receive file' command because the command line is executed by /bin/sh
 unsafely.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863671
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_picocom:
upstream_picocom: released (1.7-2)
precise/esm_picocom: DNE
trusty_picocom: released (1.7-2build0.14.04.1)
trusty/esm_picocom: DNE (trusty was released [1.7-2build0.14.04.1])
vivid/stable-phone-overlay_picocom: DNE
vivid/ubuntu-core_picocom: DNE
xenial_picocom: released (1.7-2build0.16.04.1)
yakkety_picocom: released (1.7-2build0.16.10.1)
zesty_picocom: released (1.7-2build0.17.04.1)
devel_picocom: not-affected (1.7-2)